Vulnerability Development mailing list archives

Re: New Remote Hole found in Berkeley Fingerd!
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 21 Nov 2001 13:29:16 +0300

Hello vuln-dev,

First, this vulnerability has no relation to Berkeley (BSD) fingerd.
The buggy application is "Doug's WWW Finger Gateway".

Second, as has been noted many times, %0a encoding is hexadecimal
ASCII, not Unicode encoding, so the phrase

 "This bug can be exploited with Unicode / CGI Decode exploit from
 Microsoft called Internet Explorer."

is funny, but a complete mess.


--Wednesday, November 21, 2001, 2:23:26 AM, you wrote to vuln-dev () securityfocus com:

vd> Hi everyone! 

vd> We have discovered a remote vulnerability in Berkeley finger, which is
vd> somewhat trivial to exploit.  The vendor has been notified and now is the
vd> time for the hole to be fully disclosed to the security community.
vd> Attached to this submission is our advisory + full working exploit.
vd> Remember to use the information responsibly. 

vd> Happy hacking. 

vd> The GOBBLES Research Team
vd> http://www.bugtraq.org 


-- 
~/ZARAZA
The machine proved capable of only a single operation,
namely multiplying 2x2, and even then making mistakes. (Lem)

